About CVSS version
Hello PaloAlto Networks Team, What version of CVSS is listed in Palo Alto Networks Security Advisories? Please tell me which version it is, such as CVSS v3 or v4. Regards,
Hello PaloAlto Networks Team, What version of CVSS is listed in Palo Alto Networks Security Advisories? Please tell me which version it is, such as CVSS v3 or v4. Regards,
As of this post, Palo Alto Firewalls do not sync Phase 1 for IPSec Tunnels. If a remote end is using Dead Peer Detection, this will cause the tunnel to go down after a failover occurs and the remote end DPD hits its threshold. Since the Palo no longer has Phase 1, it cannot respond to the DPD. Despite Phase 2 being up and working, the DPD will p...
I have a question from my CBTS customer: they have a Network Security Engineer who has been going through the Beacon training in preparation for his PCNSE.At some point last month, the course he was working on was changed to "Learning plan under maintenance" . Any idea who I can go to in order to unlock the course or investigate what's going
Hello, our user want to deploy Palo Alto Firewall 3410 with Os 10.2.2, for security reason then they do the vulnerability assessment but using different device but with same OS 10.2.2. And the result is that they found 2 vulnerabilityissues, low and information. i took this VA is on the login page on palo alto firewall. The Low vulnerabilityis...
Hi, I need to add a cluster A/P FWs in Panorama. I was checking this useful link: https://www.mbtechtalker.com/migrate-a-ha-pair-of-pan-firewalls-to-panorama-management-2/ and videos on internet. I have everything under control, but I'm a little concerned about if its necessary in any point to enable the "force template value" option at some...
Hello, I am getting this error (Failed to fetch device certificate.TPM public key match failed.) on a PA460 (11.0.2-h2). I tried multiple solutions without success : This KB https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NlxCAE but it didn't work. Multiple commit force. I even generated an OTP on the CSP but I do...
Dear All, I would like to request official documentation or a clear statement regarding the virtualization platforms supported for Cortex XSOAR on-premise deployments. Specifically, I would like to know: Which hypervisors (e.g., VMware ESXi, KVM, Hyper-V, etc.) are officially supported for installing and running Cortex XSOAR? If there is a c...
I am a beginner on the Palo Alto firewall. When to do IPSEC and NAT 😊 I need to create a NAT rule that will allow traffic from 77.221.253.132 - the partner only has 1 public IP address and it is on their firewall.If I make a route to the public IP address(77.221.253.132) and route to the Tunnel interface - the IPSEC tunnel go down.how should ...
Hello All, What is the best approach to migrate a Palo Alto firewall configuration with VSYS to another Palo Alto firewall (As is)?
Greetings from Detroit Michigan! I have been tasked with migrating our current PA-5220 pair firewalls to a new PA-3420 pair. I have been led to believe that the "Expedition" tool will help with this task. The problem simply put is that the documentation for this is quite spartan in the area of migrating from a PA to a PA. We are using Expedi...
Hi All, i am bit confuses how the fixed PAN-OS version information works for example 11.1.10-h1 can PAN-293673. Since PAN-293673 was already fixed in 11.1.6-h7 (which is lower than 11.1.10-h1), does that mean a higher version automatically includes fixes for known issues from lower versions, right? If so, that’s what confuses me: if PAN-2...
I'm trying to setup globalprotect where once a user successfully logs in, they pull an IP from our dedicated, internal DHCP server with all the DHCP options. So essentially, setup Palo Alto for a DHCP relay for the GlobalProtect clients. I was trying to do this, but the Tunnel Interface I'm using for the GlobalProtect network doesn't have an IP ...
Hi All, While troubleshooting a intermittent GP issue, I have noticed the below error repeating in the useridd.log. I am not sure if this part of the problem or not, but it does look a little worrying. I can still browse AD from the firewall and find groups. 2021-09-20 16:18:10.268 +1000 connecting to ldap://[192.168.1.1]:389 ...2021-09-20 16:18...
I would like to know if its possible to send GP events (users connecteds, time sessions...) to a radius server? I know its possible via syslog
Hello, I am migrating old ASA to Palo Alto PA-440, one of the things i am trying to migrate is IPsec tunnel, that Ipsec tunnel carries only two remote hosts which are sources and destination for GRE endpoint on Cisco Switches. When i try to migrated it users complained about the unable to ssh to end hosts, when we tried to ping with the -df bit ...
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |

